CN110011781A - Homomorphic encryption method for transaction amount encryption supporting zero-knowledge proof - Google Patents
- Publication number
- CN110011781A (application number CN201910160273.5A)
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- zero
- transaction
- amount
- transaction amount
- Prior art date
- Legal status
- Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q20/00—Payment architectures, schemes or protocols
        - G06Q20/38—Payment protocols; Details thereof
          - G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
            - G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
            - H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs; interactive zero-knowledge proofs
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a homomorphic encryption method for transaction amount encryption that supports zero-knowledge proofs, belonging to the field of information security technology. It comprises: generating a public key, a private key and zero-knowledge parameters according to the zero-knowledge-proof requirements and the Paillier algorithm; for a given plaintext, encrypting with the encryption algorithm, the public key and the zero-knowledge parameters, and outputting the ciphertext (E, c1, c2); and for a given ciphertext, decrypting with the decryption algorithm and the private key, and outputting the plaintext. The invention improves the Paillier homomorphic algorithm by splitting the ciphertext into three parts (E, c1, c2): the three parts as a whole are used to encrypt the transaction amount, and the commitment part E can additionally be used for zero-knowledge range proofs on the transaction amount, so that the Paillier algorithm is combined with FO-commitment-based zero-knowledge range proofs and range proofs on ciphertexts are supported. The method can be used not only for transaction amount encryption and range proofs in the account model, but also for transaction amount encryption and range proofs in the UTXO model.
Description
Technical field
The invention belongs to the field of information security technology and relates more particularly to a homomorphic encryption method for transaction amount encryption that supports zero-knowledge proofs.
Background technique
The essence of blockchain technology is a continuously growing distributed database that is maintained jointly by many parties. Because of its decentralization, collective maintenance, openness and transparency, tamper resistance and quasi-anonymity, it has received significant attention. The most representative blockchain platforms today are Bitcoin, Ethereum and Hyperledger Fabric.
Hyperledger Fabric is an open-source permissioned consortium chain. The network consists of a consensus service and many channels; all channels share one consensus service, which is called the orderer. Each channel maintains its own ledger, which is shared among the member peers of the channel. Because its functional modules are pluggable (the consensus service, the encryption algorithms and so on can be swapped), Fabric is a general consortium-chain framework and has become a de facto standard for consortium chains, used for example by the blockchain service platforms of JD.com, Alibaba and Huawei. However, because the ledger is open and transparent (or disclosed within a certain range) and only quasi-anonymous, plaintext transaction amounts leak user privacy. A number of projects that hide transaction amounts have therefore appeared, such as Zerocash, Monero and RingCT.
There are also many additively homomorphic algorithms, and among them the Paillier homomorphic encryption algorithm has the best overall performance; however, it does not support range proofs on ciphertexts.
Summary of the invention
In view of the drawbacks of the prior art, the object of the invention is to solve the technical problem that the prior-art Paillier homomorphic encryption algorithm does not support range proofs on ciphertexts.
To achieve this object, in a first aspect, embodiments of the invention provide a homomorphic encryption method supporting zero-knowledge proofs, comprising the following steps:
S1. Generate a public key, a private key and zero-knowledge parameters according to the zero-knowledge-proof requirements and the Paillier algorithm;
S2. For a given plaintext, encrypt with the encryption algorithm, the public key and the zero-knowledge parameters, and output the ciphertext (E, c1, c2);
S3. For a given ciphertext, decrypt with the decryption algorithm and the private key, and output the plaintext.
Specifically, step S1 comprises the following steps:
S101. Generate g1 in the same way g is generated in the Paillier algorithm;
S102. Select a random number r < n^2, compute g2 = g1^r mod n^2, and require gcd(L(g2^λ mod n^2), n) == 1, where L(u) = (u - 1)/n and λ = lcm(p - 1, q - 1);
S103. Select a random number x < n and compute h = g2^x mod n^2;
where n = pq, p and q are two randomly selected large primes, lcm() is the least common multiple of its two arguments and gcd() is the greatest common divisor of its two arguments.
At this point the generated public key PaillierPub is (g1, g2, h, n), the private key PaillierPrv is (λ, x), and the zero-knowledge parameter zkpPrm is (g1, h, n^2).
Specifically, the plaintext encryption process Encrypt(m, PaillierPub, zkpPrm, r0, r1) is: for plaintext m, m ∈ Z_n, select random numbers r0 < n^2 and r1 < n; the encryption process is as follows: c2 = r1^n mod n^2, and the resulting ciphertext is (E, c1, c2).
Specifically, the ciphertext decryption process Decrypt((E, c1, c2), PaillierPrv) is: for ciphertext (E, c1, c2), the decryption process is
Specifically, decryption of the ciphertext random numbers is: for c1, c2, the ciphertext random number and the plaintext random number are
In a second aspect, embodiments of the invention provide a blockchain transaction amount encryption method, characterized in that the transaction amount is encrypted with the homomorphic encryption method supporting zero-knowledge proofs of the first aspect.
Specifically, the homomorphic encryption method can be used not only for transaction amount encryption and range proofs in the account model, but also for transaction amount encryption and range proofs in the UTXO model.
Specifically, when Alice transfers a transaction amount T to Bob, the data processing flow at the Alice application end that initiates the transaction is as follows:
Step S1. Obtain Alice's parameters PaillierPubA, PaillierPrvA, zkpPrmA and Bob's parameters PaillierPubB, zkpPrmB;
Step S2. Using PaillierPrvA and zkpPrmA, decrypt the input UTXO amounts (input1, input2) with the homomorphic encryption method supporting zero-knowledge proofs, verify the UTXO amounts, and compute the change B;
Step S3. After the UTXO amounts have been verified successfully, encrypt the transaction amount T with the homomorphic encryption method supporting zero-knowledge proofs, once under PaillierPubA and zkpPrmA and once under PaillierPubB and zkpPrmB, obtaining the ciphertext transaction amounts c_ta and c_tb;
Step S4. Generate evidence ElproofT to prove that the two commitments c_ta.E and c_tb.E contain the same data T;
Step S5. Using PaillierPubA and zkpPrmA, encrypt the change with the homomorphic encryption method supporting zero-knowledge proofs and return it to Alice;
Step S6. Compute the total input amount c_inputsum of the transaction as the sum of the ciphertext UTXOs input1 and input2, and compute the total output amount c_outputsum of the transaction from c_tb and c_ba;
Step S7. Generate evidence ElproofB that the transaction input amount equals the transaction output amount;
Step S8. Generate evidence ZkpRangeProofT to prove that T is greater than 0, and evidence ZkpRangeProofB to prove that B is greater than 0.
Specifically, step S2 is:
Decrypt(input1, PaillierPrvA, zkpPrmA) yields the plaintext input1Balance and the plaintext random number r0input1;
Decrypt(input2, PaillierPrvA, zkpPrmA) yields the plaintext input2Balance and the plaintext random number r0input2;
Verify whether the input amount is greater than or equal to the output amount T: check(input1Balance + input2Balance >= T). If so, compute the balance B = input1Balance + input2Balance - T and proceed to step S3; otherwise the transaction fails and the process terminates.
In a third aspect, embodiments of the invention provide a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the homomorphic encryption method supporting zero-knowledge proofs of the first aspect.
In general, compared with the prior art, the technical solution contemplated by the invention has the following beneficial effects:
The invention improves the Paillier homomorphic algorithm by splitting the ciphertext into three parts (E, c1, c2). The three parts as a whole can be used to encrypt the transaction amount, and the commitment part E can additionally be used for zero-knowledge range proofs on the transaction amount, so that the Paillier algorithm is combined with FO-commitment-based zero-knowledge range proofs and range proofs on ciphertexts are supported.
Detailed description of the invention
Fig. 1 is a schematic diagram of the data processing flow at the Alice application end provided in an embodiment of the invention;
Fig. 2 is a schematic diagram of the smart contract processing flow provided in an embodiment of the invention.
Specific embodiment
To make the objects, technical solutions and advantages of the invention clearer, the invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
The Paillier homomorphic encryption algorithm is an additively homomorphic algorithm.
1. Key generation
(1) Randomly select two large primes p and q.
(2) Compute n = pq and λ = lcm(p - 1, q - 1), where lcm() is the least common multiple of its two arguments.
(3) Choose a random number g from the multiplicative group formed by the natural numbers not greater than n^2, such that μ = (L(g^λ mod n^2))^(-1) mod n exists, where L(u) = (u - 1)/n.
At this point the public key is (n, g) and the private key is (λ, μ).
2. Encryption
For plaintext m, m ∈ Z_n, select a random number r < n; the encryption process is c = g^m · r^n mod n^2.
3. Decryption
For ciphertext c, the decryption process is
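As an added illustration of the three Paillier steps above (this is not code from the patent), the following Python implements textbook key generation, encryption, decryption and the ciphertext product that realises the additive homomorphism; the decryption formula m = L(c^λ mod n^2) · μ mod n is the standard Paillier one. The primes 1009 and 1013 are constructed toy values with no security, and the function names are the example's own.

```python
"""Textbook Paillier: key generation, encryption, decryption, additive homomorphism.
Added example, not the patent's code; toy primes only."""
from math import gcd
import secrets


def lcm(a, b):
    return a * b // gcd(a, b)


def L(u, n):
    # L(u) = (u - 1) / n, as defined in the key-generation step
    return (u - 1) // n


def keygen(p, q):
    """Steps (1)-(3): n = pq, lambda = lcm(p-1, q-1), random g for which mu exists."""
    n = p * q
    n2 = n * n
    lam = lcm(p - 1, q - 1)
    while True:
        g = secrets.randbelow(n2 - 1) + 1           # g in [1, n^2 - 1]
        if gcd(g, n2) != 1:
            continue                                # g must lie in the multiplicative group mod n^2
        u = L(pow(g, lam, n2), n)
        if gcd(u, n) == 1:                          # mu = L(g^lambda mod n^2)^-1 mod n exists
            mu = pow(u, -1, n)
            return (n, g), (lam, mu)                # public key (n, g), private key (lambda, mu)


def encrypt(m, pub):
    """c = g^m * r^n mod n^2 with a fresh random r < n coprime to n."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in Z_n")
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(c, pub, prv):
    """Standard Paillier decryption: m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = prv
    return L(pow(c, lam, n * n), n) * mu % n


def add_ciphertexts(ca, cb, pub):
    """Additive homomorphism: the product of ciphertexts encrypts the sum of plaintexts."""
    n, _ = pub
    return ca * cb % (n * n)


def demo():
    """Encrypt 60 and 50 separately, add them under encryption, decrypt the sum (110)."""
    pub, prv = keygen(1009, 1013)                   # constructed toy primes
    ca, cb = encrypt(60, pub), encrypt(50, pub)
    return decrypt(add_ciphertexts(ca, cb, pub), pub, prv)
```

The r chosen in `encrypt` is the random number that the improved scheme later exposes separately as c2 = r1^n mod n^2; here it stays folded into the single ciphertext c.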
Fujisaki-Okamoto commitment (Fujisaki-Okamoto Commitment)
Suppose Alice and Bob do not know the factorization of n, g ∈ Z_n*, h ∈ ⟨g⟩, and the orders of g and h are primes larger than 160 bits, which makes computing discrete logarithms in the cyclic group they generate infeasible. Alice, who knows neither log_g h nor log_h g, randomly selects r ∈_R {-2^s·n + 1, ..., 2^s·n - 1}, computes E(x, r) = g^x · h^r mod n, and sends E(x, r) to Bob as the commitment to x. Without knowing the factorization of n and log_g h, Alice cannot find x1 ≠ x2 satisfying E(x1, r1) = E(x2, r2); Bob likewise cannot obtain any information about x from E(x, r), and the commitment is statistically secure. This commitment is called the Fujisaki-Okamoto commitment, FO commitment for short.
Zero-knowledge proof
A zero-knowledge proof means that a prover can convince a verifier that some statement is correct without providing the verifier with any useful information. Zero-knowledge proofs are divided into interactive and non-interactive classes, and can be used to solve problems such as blockchain privacy protection and transaction legitimacy verification.
To combine the Paillier algorithm with FO-commitment-based zero-knowledge range proofs, the invention improves the Paillier algorithm as follows.
1. Key generation
g1 is generated in the same way as g in the original Paillier algorithm.
g2 is generated as follows: select a random number r < n^2, compute g2 = g1^r mod n^2, and require gcd(L(g2^λ mod n^2), n) == 1, where L(u) = (u - 1)/n and λ = lcm(p - 1, q - 1).
h is generated as follows: select a random number x < n and compute h = g2^x mod n^2.
At this point the homomorphic-algorithm public key PaillierPub is (g1, g2, h, n), the private key PaillierPrv is (λ, x), and the zero-knowledge parameter zkpPrm is (g1, h, n^2).
2. Plaintext encryption process Encrypt(m, PaillierPub, zkpPrm, r0, r1)
For plaintext m, m ∈ Z_n, select random numbers r0 < n^2 and r1 < n; the encryption process is as follows: c2 = r1^n mod n^2, and the resulting ciphertext is (E, c1, c2).
3. Ciphertext decryption process Decrypt((E, c1, c2), PaillierPrv)
For ciphertext (E, c1, c2), the decryption process is
4. Ciphertext random-number decryption process
For c1, c2, the ciphertext random number and the plaintext random number are
5. Additive homomorphism property
Let there be plaintexts ma and mb; encrypting them separately gives the ciphertexts Encrypt(ma) = (Ea, c1a, c2a) and Encrypt(mb) = (Eb, c1b, c2b).
Define the homomorphic combination of Encrypt(ma) and Encrypt(mb) as (E, c1, c2), where E = Ea · Eb mod n^2, c1 = c1a · c1b mod n^2 and c2 = c2a · c2b mod n^2.
The decryption process is as follows, and one obtains
where r0a and r0b are the random numbers used when computing Ea and Eb respectively, and r1a and r1b are the random numbers used when computing c2a and c2b respectively.
The improved Paillier homomorphic encryption algorithm proposed by the invention can not only be used to encrypt transaction amounts but also supports ciphertext range checks with zero-knowledge proofs. The invention can be used not only for transaction amount encryption and range proofs in the account model, but also for transaction amount encryption and range proofs in the UTXO (Unspent Transaction Output) model.
UTXO model
Every transaction has several transaction inputs, i.e. sources of funds, and several transaction outputs, i.e. destinations of funds. In general, each transaction spends an input and generates an output, and the output it generates is an "unspent transaction output", i.e. a UTXO. UTXOs (Unspent Transaction Outputs) are transaction outputs that have not been spent; they are the key concept by which Bitcoin transactions are generated and verified. Transactions form a chain structure: every legal Bitcoin transaction can be traced back to the outputs of one or more earlier transactions, the source of each chain is a mining reward, and its end is the currently unspent transaction output.
The invention describes the encryption process in detail using the UTXO model as an example, together with the zero-knowledge proof that an encrypted amount is greater than 0. The ciphertext (E, c1, c2) of the invention consists of three parts; the whole is used for decryption, while E is used for the various zero-knowledge proofs. Depending on the scenario, E can be used to prove equality of transaction amounts, equality of a transaction's inputs and outputs, and that the change and the transaction amount are greater than 0.
FO commitments and zero-knowledge range proof protocols are existing results, so the invention does not describe them in detail and only describes the functions used.
Function ElproofGenerator generates Elproof, evidence that can be used to prove that two commitments hide the same data.
Function ZKPRangeProofGenerator generates the range evidence ZkpRangeProof, which can be used to prove that the data hidden in an FO commitment lies in the interval [a, b].
Function ElproofValidator uses Elproof to verify that two commitments indeed hide the same data.
Function ZKPRangeProofValidator uses the range evidence ZkpRangeProof to verify that the data hidden in an FO commitment indeed lies in the interval [a, b].
A typical scenario is described as follows: Alice transfers a transaction amount T (tokens) to Bob; the input ciphertext UTXOs are input1 and input2, and the change is B. Taking this transaction as an example, we explain how the client and the chaincode on the chain work.
As shown in Fig. 1, the data processing flow at the Alice application end is as follows:
Step S1. Obtain Alice's parameters PaillierPubA, PaillierPrvA, zkpPrmA and Bob's parameters PaillierPubB, zkpPrmB.
Step S2. Using PaillierPrvA and zkpPrmA, decrypt the input UTXO amounts (input1, input2) with the improved Paillier algorithm, verify the UTXO amounts, and compute the change.
Decrypt(input1, PaillierPrvA, zkpPrmA) yields the plaintext input1Balance and the plaintext random number r0input1.
Decrypt(input2, PaillierPrvA, zkpPrmA) yields the plaintext input2Balance and the plaintext random number r0input2.
Verify whether the input amount is greater than or equal to the output amount T: check(input1Balance + input2Balance >= T). If so, compute the balance B = input1Balance + input2Balance - T and proceed to step S3; otherwise the transaction fails and the process terminates.
Step S3. Using PaillierPubA with zkpPrmA and PaillierPubB with zkpPrmB respectively, encrypt the transaction amount T with the improved Paillier algorithm to obtain the ciphertext transaction amounts c_ta and c_tb.
Select a random number r0_ta < PaillierPubA.n^2 and a random number r1_ta < PaillierPubA.n. Encrypt(T, PaillierPubA, zkpPrmA, r0_ta, r1_ta) generates the ciphertext transaction amount c_ta for Alice.
Select a random number r0_tb < PaillierPubB.n^2 and a random number r1_tb < PaillierPubB.n. Encrypt(T, PaillierPubB, zkpPrmB, r0_tb, r1_tb) generates the ciphertext transaction amount c_tb for Bob.
Step S4. Generate evidence ElproofT to prove that the two commitments c_ta.E and c_tb.E contain the same data T.
ElproofGenerator(T, r0_ta, r0_tb, PaillierPubA, PaillierPubB, zkpPrmB, zkpPrmA, c_ta.E, c_tb.E) generates the evidence Elproof(c_ta, c_tb) = ElproofT.
Step S5. Using PaillierPubA and zkpPrmA, encrypt the change with the improved Paillier algorithm and return it to Alice.
Select random numbers r0_ba < PaillierPubA.n^2 and r1_ba < PaillierPubA.n. Encrypt(B, PaillierPubA, zkpPrmA, r0_ba, r1_ba) generates the ciphertext change c_ba.
Step S6. Compute the total input amount c_inputsum of the transaction as the sum of the ciphertext UTXOs input1 and input2, and compute the total output amount c_outputsum of the transaction from c_tb and c_ba.
Step S7. Generate evidence ElproofB that the transaction input amount equals the transaction output amount.
r0_input = r0input1 + r0input2.
r0_output = r0_ba + r0_ta.
sum = input1Balance + input2Balance.
Generate the evidence ElproofGenerator(sum, r0_input, r0_output, PaillierPubA, PaillierPubA, zkpPrmA, zkpPrmA, c_inputsum.E, c_outputsum.E) = ElproofB.
Step S8. Generate evidence to prove that T and B are both greater than 0.
ZKPRangeProofGenerator(T, r0_ta, c_ta.E, PaillierPubA, zkpPrmA, range [0, B]) generates the evidence ZkpRangeProofT for proving that T is greater than 0.
ZKPRangeProofGenerator(B, r0_ba, c_ba.E, PaillierPubA, zkpPrmA, range [0, B]) generates the evidence ZkpRangeProofB for proving that B is greater than 0.
When the transaction is submitted, the related data are put on the blockchain as a group, specifically: the ciphertext transaction amounts c_ta and c_tb, the ciphertext balance c_ba after the transaction, ElproofT, ElproofB, ZkpRangeProofT and ZkpRangeProofB, for verification by the blockchain nodes.
The ciphertext (E, c1, c2) of the invention consists of three parts; the whole is used for decryption, while E is used for the various zero-knowledge proofs. Depending on the scenario, E can be used to prove equality of transaction amounts, equality of a transaction's inputs and outputs, and that the change and the transaction amount are greater than 0.
As shown in Fig. 2, the smart contract at the chaincode end is used to verify the legitimacy of the transaction. The smart contract processing flow is as follows:
Step S1. Obtain Alice's parameters PaillierPubA, zkpPrmA and Bob's parameters PaillierPubB, zkpPrmB, and obtain ElproofT, ElproofB, ZkpRangeProofT, ZkpRangeProofB, input1, input2, c_ta, c_tb and c_ba from the transaction sent by the client.
Step S2. Verify that the commitments c_ta.E and c_tb.E hide the same data T:
ElproofValidator(c_ta.E, c_tb.E, PaillierPubA, PaillierPubB, zkpPrmA, zkpPrmB, ElproofT).
Step S3. Verify that the transaction input amount equals the transaction output amount:
E_output = c_ta.E * c_ba.E mod PaillierPubA.n^2.
E_input = input1.E * input2.E mod PaillierPubA.n^2.
ElproofValidator(E_output, E_input, PaillierPubA, PaillierPubA, zkpPrmA, zkpPrmA, ElproofB).
Step S4. Verify that the data values hidden by the commitments c_ta.E and c_ba.E are greater than 0:
ZKPRangeProofValidator(ZkpRangeProofT, c_ta.E, PaillierPubA, zkpPrmA).
ZKPRangeProofValidator(ZkpRangeProofB, c_ba.E, PaillierPubA, zkpPrmA).
For each verification, the transaction fails if the verification fails; otherwise the subsequent steps continue. If all of the above verifications pass, the chaincode end (at the blockchain node) has verified that the transaction is legal.
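The following Python is an added example, not the patent's or Hyperledger Fabric's code, that puts the pieces above together: the improved key generation of S101-S103, an FO-style commitment over zkpPrm, and the Fig. 1 / Fig. 2 equality checks between c_ta.E and c_tb.E and between the input product and the output product. Two points are assumptions rather than facts from the page: the commitment part is formed as E = g1^m · h^r0 mod n^2 (the E(x, r) shape from the FO commitment section; the patent's own E formula is not reproduced on this page), and a Fiat-Shamir sigma-protocol proof of equal committed values stands in for ElproofGenerator/ElproofValidator, whose internals the patent does not describe. The range proofs ZkpRangeProofT/B are not built. All primes, balances and names are constructed toy values with no security.

```python
"""Added example: S101-S103 key setup, an FO-style commitment over zkpPrm, and the
equality checks of Fig. 1 (Alice) and Fig. 2 (chaincode).  Assumed, not from the
patent: E = g1^m * h^r0 mod n^2 as the commitment part, and a Fiat-Shamir sigma
protocol in place of ElproofGenerator/ElproofValidator.  Toy primes, no security."""
import hashlib
import secrets
from math import gcd


def _paillier_ok(g, lam, n, n2):
    # gcd(L(g^lambda mod n^2), n) == 1 with L(u) = (u - 1) / n
    return gcd((pow(g, lam, n2) - 1) // n, n) == 1


def keygen_zk(p, q):
    """S101-S103: g1 as in Paillier, g2 = g1^r mod n^2, h = g2^x mod n^2.
    Returns PaillierPub = (g1, g2, h, n), PaillierPrv = (lam, x), zkpPrm = (g1, h, n^2)."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p - 1, q - 1)
    while True:
        g1 = secrets.randbelow(n2 - 1) + 1
        if gcd(g1, n2) == 1 and _paillier_ok(g1, lam, n, n2):
            break
    while True:
        g2 = pow(g1, secrets.randbelow(n2 - 1) + 1, n2)   # r < n^2
        if _paillier_ok(g2, lam, n, n2):
            break
    x = secrets.randbelow(n - 1) + 1                  # x < n
    h = pow(g2, x, n2)
    return (g1, g2, h, n), (lam, x), (g1, h, n2)


def commit(m, r0, zkp):
    """Assumed commitment part: E = g1^m * h^r0 mod n^2 over zkpPrm = (g1, h, n2)."""
    g1, h, n2 = zkp
    return pow(g1, m, n2) * pow(h, r0, n2) % n2


def _challenge(*parts):
    # Fiat-Shamir challenge binding both commitments, both announcements and both parameter sets
    digest = hashlib.sha256("|".join(str(v) for v in parts).encode()).digest()
    return int.from_bytes(digest[:16], "big")          # 128-bit challenge


def equality_prove(m, ra, rb, zkpa, zkpb, Ea, Eb):
    """Prove that Ea (under zkpa, randomness ra) and Eb (under zkpb, randomness rb) hide
    the same m.  Responses stay over the integers because the group order is unknown."""
    ga, ha, Na = zkpa
    gb, hb, Nb = zkpb
    slack = max(Na, Nb) << 192                          # masks m and r after adding c*m, c*r
    w, va, vb = (secrets.randbelow(slack) for _ in range(3))
    Aa = pow(ga, w, Na) * pow(ha, va, Na) % Na
    Ab = pow(gb, w, Nb) * pow(hb, vb, Nb) % Nb
    c = _challenge(Ea, Eb, Aa, Ab, *zkpa, *zkpb)
    return (Aa, Ab, c, w + c * m, va + c * ra, vb + c * rb)


def equality_verify(Ea, Eb, zkpa, zkpb, proof):
    """Check g^z * h^s == A * E^c under both parameter sets, with the same z for both."""
    Aa, Ab, c, z, sa, sb = proof
    ga, ha, Na = zkpa
    gb, hb, Nb = zkpb
    if c != _challenge(Ea, Eb, Aa, Ab, *zkpa, *zkpb):
        return False
    ok_a = pow(ga, z, Na) * pow(ha, sa, Na) % Na == Aa * pow(Ea, c, Na) % Na
    ok_b = pow(gb, z, Nb) * pow(hb, sb, Nb) % Nb == Ab * pow(Eb, c, Nb) % Nb
    return ok_a and ok_b


def fresh_utxo(balance, zkp):
    """Constructed stand-in for a decrypted input UTXO (Step S2 output): balance, r0, E."""
    r0 = secrets.randbelow(zkp[2])
    return balance, r0, commit(balance, r0, zkp)


def alice_build_transfer(inputs, T, zkpA, zkpB):
    """Fig. 1 steps S2-S7 restricted to the commitment parts; returns None if inputs < T."""
    total = sum(b for b, _, _ in inputs)
    if total < T:                                       # check(input1Balance + input2Balance >= T)
        return None                                     # transaction fails
    B = total - T
    nA2, nB2 = zkpA[2], zkpB[2]
    r0_ta, r0_ba = secrets.randbelow(nA2), secrets.randbelow(nA2)
    r0_tb = secrets.randbelow(nB2)
    c_ta = commit(T, r0_ta, zkpA)                       # S3: T under Alice's parameters
    c_tb = commit(T, r0_tb, zkpB)                       # S3: T under Bob's parameters
    c_ba = commit(B, r0_ba, zkpA)                       # S5: change back to Alice
    ElproofT = equality_prove(T, r0_ta, r0_tb, zkpA, zkpB, c_ta, c_tb)   # S4
    E_input = 1                                         # S6: product of input commitments
    for _, _, E in inputs:
        E_input = E_input * E % nA2
    E_output = c_ta * c_ba % nA2
    r0_input = sum(r0 for _, r0, _ in inputs)           # S7: r0_input, r0_output = r0_ba + r0_ta
    ElproofB = equality_prove(total, r0_input, r0_ba + r0_ta, zkpA, zkpA, E_input, E_output)
    return {"inputs": [E for _, _, E in inputs], "c_ta": c_ta, "c_tb": c_tb,
            "c_ba": c_ba, "ElproofT": ElproofT, "ElproofB": ElproofB}


def chaincode_verify(tx, zkpA, zkpB):
    """Fig. 2 steps S2-S3: same T in c_ta.E and c_tb.E, and input product == output product."""
    nA2 = zkpA[2]
    if not equality_verify(tx["c_ta"], tx["c_tb"], zkpA, zkpB, tx["ElproofT"]):
        return False
    E_input = 1
    for E in tx["inputs"]:
        E_input = E_input * E % nA2
    E_output = tx["c_ta"] * tx["c_ba"] % nA2
    return equality_verify(E_input, E_output, zkpA, zkpA, tx["ElproofB"])
```

The chaincode never sees T, B or any r0: it recomputes the two commitment products from on-chain values and checks the proofs, which is exactly the split the patent relies on (the whole (E, c1, c2) for decryption, E alone for proofs). Tampering with c_ba or c_tb on chain changes the challenge binding and the verification equation, so either proof fails.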
The above are only preferred embodiments of the application, and the scope of protection of the application is not limited to them. Any changes or substitutions that can readily be conceived by those skilled in the art within the technical scope disclosed in the application shall fall within the scope of protection of the application. Therefore, the scope of protection of the application shall be defined by the claims.
Claims (10)
1. A homomorphic encryption method supporting zero-knowledge proofs, characterized in that the method comprises the following steps:
S1. Generate a public key, a private key and zero-knowledge parameters according to the zero-knowledge-proof requirements and the Paillier algorithm;
S2. For a given plaintext, encrypt with the encryption algorithm, the public key and the zero-knowledge parameters, and output the ciphertext (E, c1, c2);
S3. For a given ciphertext, decrypt with the decryption algorithm and the private key, and output the plaintext.
2. The homomorphic encryption method of claim 1, characterized in that step S1 comprises the following steps:
S101. Generate g1 in the same way g is generated in the Paillier algorithm;
S102. Select a random number r < n^2, compute g2 = g1^r mod n^2, and require gcd(L(g2^λ mod n^2), n) == 1, where L(u) = (u - 1)/n and λ = lcm(p - 1, q - 1);
S103. Select a random number x < n and compute h = g2^x mod n^2;
where n = pq, p and q are two randomly selected large primes, lcm() is the least common multiple of its two arguments and gcd() is the greatest common divisor of its two arguments;
at this point the generated public key PaillierPub is (g1, g2, h, n), the private key PaillierPrv is (λ, x), and the zero-knowledge parameter zkpPrm is (g1, h, n^2).
3. The homomorphic encryption method of claim 2, characterized in that the plaintext encryption process Encrypt(m, PaillierPub, zkpPrm, r0, r1) is: for plaintext m, m ∈ Z_n, select random numbers r0 < n^2 and r1 < n; the encryption process is as follows: c2 = r1^n mod n^2, and the resulting ciphertext is (E, c1, c2).
4. The homomorphic encryption method of claim 2, characterized in that the ciphertext decryption process Decrypt((E, c1, c2), PaillierPrv) is: for ciphertext (E, c1, c2), the decryption process is
5. The homomorphic encryption method of claim 2, characterized in that decryption of the ciphertext random numbers is: for c1, c2, the ciphertext random number and the plaintext random number are
6. A blockchain transaction amount encryption method, characterized in that the transaction amount is encrypted with the homomorphic encryption method supporting zero-knowledge proofs of any one of claims 1 to 5.
7. The blockchain transaction amount encryption method of claim 6, characterized in that the homomorphic encryption method can be used both for transaction amount encryption and range proofs in the account model and for transaction amount encryption and range proofs in the UTXO model.
8. The blockchain transaction amount encryption method of claim 6, characterized in that, when Alice transfers a transaction amount T to Bob, the data processing flow at the Alice application end that initiates the transaction is as follows:
Step S1. Obtain Alice's parameters PaillierPubA, PaillierPrvA, zkpPrmA and Bob's parameters PaillierPubB, zkpPrmB;
Step S2. Using PaillierPrvA and zkpPrmA, decrypt the input UTXO amounts (input1, input2) with the homomorphic encryption method supporting zero-knowledge proofs, verify the UTXO amounts, and compute the change B;
Step S3. After the UTXO amounts have been verified successfully, encrypt the transaction amount T with the homomorphic encryption method supporting zero-knowledge proofs, once under PaillierPubA and zkpPrmA and once under PaillierPubB and zkpPrmB, obtaining the ciphertext transaction amounts c_ta and c_tb;
Step S4. Generate evidence ElproofT to prove that the two commitments c_ta.E and c_tb.E contain the same data T;
Step S5. Using PaillierPubA and zkpPrmA, encrypt the change with the homomorphic encryption method supporting zero-knowledge proofs and return it to Alice;
Step S6. Compute the total input amount c_inputsum of the transaction as the sum of the ciphertext UTXOs input1 and input2, and compute the total output amount c_outputsum of the transaction from c_tb and c_ba;
Step S7. Generate evidence ElproofB that the transaction input amount equals the transaction output amount;
Step S8. Generate evidence ZkpRangeProofT to prove that T is greater than 0, and evidence ZkpRangeProofB to prove that B is greater than 0.
9. The blockchain transaction amount encryption method of claim 8, characterized in that step S2 is:
Decrypt(input1, PaillierPrvA, zkpPrmA) yields the plaintext input1Balance and the plaintext random number r0input1;
Decrypt(input2, PaillierPrvA, zkpPrmA) yields the plaintext input2Balance and the plaintext random number r0input2;
Verify whether the input amount is greater than or equal to the output amount T: check(input1Balance + input2Balance >= T). If so, compute the balance B = input1Balance + input2Balance - T and proceed to step S3; otherwise the transaction fails and the process terminates.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the homomorphic encryption method supporting zero-knowledge proofs according to any one of claims 1 to 5.
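A worked example of the Alice-side flow of claims 8 and 9, added here as an illustration; it is not the patent's code and does not reproduce the patent's proof constructions. It uses textbook Paillier for the amount (so the key holder recovers both the plaintext and the randomness, as step S2 of claim 9 requires), a Pedersen commitment as the E component of each ciphertext, and Fiat-Shamir Schnorr proofs of a discrete logarithm to base h in the roles of ElproofT (c_ta.E and c_tb.E commit to the same T) and ElproofB (input commitments balance output commitments). Everything not named in the claims is an assumption of this example: deriving the commitment randomness from the Paillier randomness, the fixed toy-size Mersenne primes, the 40-bit commitment group `grp` standing in for zkpPrmA/zkpPrmB, and all function names. The range proofs ZkpRangeProofT and ZkpRangeProofB of step S8 are not implemented.

```python
"""Added example (not the patent's code): the Alice flow of claims 8 and 9 with textbook Paillier,
a Pedersen commitment as each ciphertext's E component, and Fiat-Shamir Schnorr proofs. Toy sizes."""
import hashlib
import secrets
from math import gcd

def paillier_keygen(p, q):                           # g = n + 1 throughout; p, q are fixed toy primes
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)     # lambda = lcm(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)
    return {"n": n}, {"n": n, "lam": lam, "mu": mu, "n_inv": pow(n, -1, lam)}

def paillier_encrypt(pub, m, r):
    return pow(pub["n"] + 1, m, pub["n"] ** 2) * pow(r, pub["n"], pub["n"] ** 2) % pub["n"] ** 2

def paillier_decrypt(prv, c):
    n, n2 = prv["n"], prv["n"] ** 2
    m = (pow(c, prv["lam"], n2) - 1) // n * prv["mu"] % n
    return m, pow(c * pow(n + 1, -m, n2) % n2 % n, prv["n_inv"], n)   # c * g^-m = r^n, so r is recovered too

def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17)):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.4e14."""
    if n < 2 or any(n % a == 0 for a in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0: d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False
    return True

def make_group(bits=40):
    """Order-q subgroup of Z_P^*, P = 2q + 1 the first safe prime past 2**(bits-1); stands in for zkpPrm."""
    q = (1 << (bits - 1)) | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    h = pow(int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % (2 * q + 1), 2, 2 * q + 1)
    return {"P": 2 * q + 1, "q": q, "g": 4, "h": h}  # 4 = 2^2 is a square, hence of order q; log_4(h) unknown

def commit(grp, m, r):                               # Pedersen: E = g^m * h^r mod P
    return pow(grp["g"], m, grp["P"]) * pow(grp["h"], r, grp["P"]) % grp["P"]

def _challenge(grp, *parts):
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big") % grp["q"]

def prove_dlog_h(grp, x, Y, tag):
    """Schnorr proof of knowledge of x with Y = h^x mod P, made non-interactive by Fiat-Shamir."""
    k = secrets.randbelow(grp["q"])
    A = pow(grp["h"], k, grp["P"])
    return A, (k + _challenge(grp, tag, Y, A) * x) % grp["q"]

def verify_dlog_h(grp, Y, proof, tag):
    A, z = proof
    return pow(grp["h"], z, grp["P"]) == A * pow(Y, _challenge(grp, tag, Y, A), grp["P"]) % grp["P"]

def enc_amount(pub, grp, m):
    """Ciphertext {c, E}; assumption: the commitment randomness is the Paillier randomness mod q."""
    while (r := secrets.randbelow(pub["n"])) < 2 or gcd(r, pub["n"]) != 1:
        pass                                         # r = 1 would give c = g^m, readable by anyone
    return {"c": paillier_encrypt(pub, m, r), "E": commit(grp, m, r % grp["q"])}, r % grp["q"]

def dec_amount(prv, grp, ct):
    m, r = paillier_decrypt(prv, ct["c"])
    if commit(grp, m, r % grp["q"]) != ct["E"]:
        raise ValueError("commitment does not match the decrypted amount")
    return m, r % grp["q"]

def alice_build_tx(grp, alice_pub, alice_prv, bob_pub, inputs, T):
    """Steps S2 to S7 of claim 8; returns None when the inputs cannot cover T (claim 9)."""
    P, q = grp["P"], grp["q"]
    (in1, r1), (in2, r2) = (dec_amount(alice_prv, grp, u) for u in inputs)        # S2
    if in1 + in2 < T:
        return None
    c_ta, rta = enc_amount(alice_pub, grp, T)                 # S3: Alice's own record of T
    c_tb, rtb = enc_amount(bob_pub, grp, T)                   # S3: T for Bob
    c_ba, rba = enc_amount(alice_pub, grp, in1 + in2 - T)     # S5: change B back to Alice
    Y_T = c_ta["E"] * pow(c_tb["E"], -1, P) % P               # S4: equals h^(rta - rtb) iff same T
    E_in, E_out = inputs[0]["E"] * inputs[1]["E"] % P, c_tb["E"] * c_ba["E"] % P   # S6: homomorphic sums
    Y_B = E_in * pow(E_out, -1, P) % P                        # S7: equals h^(r_in - r_out) iff balanced
    return {"inputs": inputs, "c_ta": c_ta, "c_tb": c_tb, "c_ba": c_ba,
            "ElproofT": prove_dlog_h(grp, (rta - rtb) % q, Y_T, "ElproofT"),
            "ElproofB": prove_dlog_h(grp, (r1 + r2 - rtb - rba) % q, Y_B, "ElproofB")}

def verify_tx(grp, tx):
    """Node-side check from public data only: no amounts, no private keys."""
    P, i, o = grp["P"], tx["inputs"], (tx["c_tb"], tx["c_ba"])
    Y_T = tx["c_ta"]["E"] * pow(tx["c_tb"]["E"], -1, P) % P
    Y_B = i[0]["E"] * i[1]["E"] * pow(o[0]["E"] * o[1]["E"], -1, P) % P
    return verify_dlog_h(grp, Y_T, tx["ElproofT"], "ElproofT") and verify_dlog_h(grp, Y_B, tx["ElproofB"], "ElproofB")

def demo(input_amounts=(60, 50), T=80):
    """Constructed scenario: Alice spends UTXOs of 60 and 50 to pay Bob T = 80 and keeps 30 as change."""
    grp = make_group()
    alice_pub, alice_prv = paillier_keygen(2**31 - 1, 2**89 - 1)   # Mersenne primes: toy only, never real keys
    bob_pub, bob_prv = paillier_keygen(2**61 - 1, 2**107 - 1)
    inputs = [enc_amount(alice_pub, grp, a)[0] for a in input_amounts]
    tx = alice_build_tx(grp, alice_pub, alice_prv, bob_pub, inputs, T)
    if tx is None:                                   # claim 9 failure path: inputs cannot cover T
        return None
    received, change = dec_amount(bob_prv, grp, tx["c_tb"])[0], dec_amount(alice_prv, grp, tx["c_ba"])[0]
    return verify_tx(grp, tx), received, change
```

Two points the example makes visible. First, c_tb is under Bob's key and c_ba under Alice's, so they cannot be added as Paillier ciphertexts; only the Paillier ciphertexts of input1 and input2, both under Alice's key, add as c1 * c2 mod n^2, which is why the balance statement of step S7 is taken over the E commitments, which multiply regardless of whose key encrypted the amount. Second, ElproofT and ElproofB only prove equality modulo the group order q, so without the range proofs of step S8 a prover could balance the commitments with an amount that is negative modulo q; likewise nothing here proves that c and E carry the same value, which is why dec_amount rejects a ciphertext whose decrypted amount does not reproduce E.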
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910160273.5A CN110011781B (en) | 2019-03-04 | 2019-03-04 | Homomorphic encryption method and medium for transaction amount encryption and supporting zero knowledge proof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011781A true CN110011781A (en) | 2019-07-12 |
CN110011781B CN110011781B (en) | 2020-05-19 |
Family
ID=67166369
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910160273.5A Expired - Fee Related CN110011781B (en) | 2019-03-04 | 2019-03-04 | Homomorphic encryption method and medium for transaction amount encryption and supporting zero knowledge proof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011781B (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855631A (en) * | 2019-10-24 | 2020-02-28 | 南京可信区块链与算法经济研究院有限公司 | Monitorable zero knowledge verification method and system in block chain and storage medium |
CN111429138A (en) * | 2020-03-25 | 2020-07-17 | 中国工商银行股份有限公司 | Block link point data safety interaction method and first interaction node |
CN111552736A (en) * | 2020-03-30 | 2020-08-18 | 深圳壹账通智能科技有限公司 | Method, device and storage medium for comparing peer-to-peer relationship of encrypted data |
WO2021031460A1 (en) * | 2019-08-20 | 2021-02-25 | 深圳市网心科技有限公司 | Block chain transaction settlement method and system, and related device |
CN112418857A (en) * | 2020-11-30 | 2021-02-26 | 北京八分量信息科技有限公司 | UTXO model-based hidden transaction method and device and related product |
WO2021081866A1 (en) * | 2019-10-31 | 2021-05-06 | 深圳市网心科技有限公司 | Transaction method, device, and system based on account model, and storage medium |
CN112765667A (en) * | 2021-01-29 | 2021-05-07 | 北京市计算中心 | Privacy protection method, device and system based on block chain |
CN112765668A (en) * | 2021-01-31 | 2021-05-07 | 西安电子科技大学 | Zero-knowledge proof privacy protection method, system, storage medium and equipment |
CN112785306A (en) * | 2021-01-28 | 2021-05-11 | 武汉天喻聚联科技有限公司 | Identical encryption method based on Paillier and application system |
CN112989390A (en) * | 2021-04-15 | 2021-06-18 | 深圳前海移联科技有限公司 | Block chain homogeneous data sharing method based on pluggable homomorphic encryption |
WO2021120861A1 (en) * | 2019-12-17 | 2021-06-24 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for multi-party joint model data processing |
CN113159762A (en) * | 2021-01-28 | 2021-07-23 | 武汉天喻信息产业股份有限公司 | Block chain transaction method based on Paillier and game theory |
CN113222758A (en) * | 2021-05-08 | 2021-08-06 | 华中科技大学 | Alliance chain transaction information monitoring method, system and terminal on the premise of privacy |
CN115203749A (en) * | 2022-09-16 | 2022-10-18 | 天聚地合(苏州)科技股份有限公司 | Data transaction method and system based on block chain |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020103999A1 (en) * | 2000-11-03 | 2002-08-01 | International Business Machines Corporation | Non-transferable anonymous credential system with optional anonymity revocation |
US20150295710A1 (en) * | 2014-04-11 | 2015-10-15 | Thomson Licensing | Paillier-based blind decryption methods and devices |
CN105491006A (en) * | 2015-11-13 | 2016-04-13 | 河南师范大学 | Device and method for sharing cloud outsourcing key |
CN107682151A (en) * | 2017-10-30 | 2018-02-09 | 武汉大学 | A kind of GOST digital signature generation method and system |
WO2018147800A1 (en) * | 2017-02-09 | 2018-08-16 | Huawei International Pte. Ltd. | System and method for computing private keys for self certified identity based signature schemes |
CN108418689A (en) * | 2017-11-30 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A kind of the zero-knowledge proof method and medium of suitable block chain secret protection |
CN108667626A (en) * | 2018-07-20 | 2018-10-16 | 陕西师范大学 | The two sides cooperation SM2 endorsement methods of safety |
US10200347B2 (en) * | 2014-07-22 | 2019-02-05 | Nanthealth, Inc. | Homomorphic encryption in a healthcare network environment, system and methods |
Events
2019-03-04: application CN201910160273.5A filed (CN); granted as CN110011781B; status: not active (Expired - Fee Related)
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021031460A1 (en) * | 2019-08-20 | 2021-02-25 | 深圳市网心科技有限公司 | Block chain transaction settlement method and system, and related device |
CN110855631B (en) * | 2019-10-24 | 2022-05-17 | 南京可信区块链与算法经济研究院有限公司 | Method, system and storage medium for verifying supervision-capable zero knowledge in block chain |
CN110855631A (en) * | 2019-10-24 | 2020-02-28 | 南京可信区块链与算法经济研究院有限公司 | Monitorable zero knowledge verification method and system in block chain and storage medium |
WO2021081866A1 (en) * | 2019-10-31 | 2021-05-06 | 深圳市网心科技有限公司 | Transaction method, device, and system based on account model, and storage medium |
WO2021120861A1 (en) * | 2019-12-17 | 2021-06-24 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for multi-party joint model data processing |
CN111429138A (en) * | 2020-03-25 | 2020-07-17 | 中国工商银行股份有限公司 | Block link point data safety interaction method and first interaction node |
CN111552736A (en) * | 2020-03-30 | 2020-08-18 | 深圳壹账通智能科技有限公司 | Method, device and storage medium for comparing peer-to-peer relationship of encrypted data |
CN112418857B (en) * | 2020-11-30 | 2023-06-30 | 北京八分量信息科技有限公司 | Hidden transaction method and device based on UTXO model and related products |
CN112418857A (en) * | 2020-11-30 | 2021-02-26 | 北京八分量信息科技有限公司 | UTXO model-based hidden transaction method and device and related product |
CN112785306A (en) * | 2021-01-28 | 2021-05-11 | 武汉天喻聚联科技有限公司 | Identical encryption method based on Paillier and application system |
CN113159762A (en) * | 2021-01-28 | 2021-07-23 | 武汉天喻信息产业股份有限公司 | Block chain transaction method based on Paillier and game theory |
CN112785306B (en) * | 2021-01-28 | 2023-08-15 | 武汉天喻聚联科技有限公司 | Homomorphic encryption method and application system based on Paillier |
CN113159762B (en) * | 2021-01-28 | 2024-04-09 | 武汉天喻信息产业股份有限公司 | Blockchain transaction method based on Paillier and game theory |
CN112765667B (en) * | 2021-01-29 | 2022-04-26 | 北京市计算中心有限公司 | Privacy protection method, device and system based on block chain |
CN112765667A (en) * | 2021-01-29 | 2021-05-07 | 北京市计算中心 | Privacy protection method, device and system based on block chain |
CN112765668A (en) * | 2021-01-31 | 2021-05-07 | 西安电子科技大学 | Zero-knowledge proof privacy protection method, system, storage medium and equipment |
CN112765668B (en) * | 2021-01-31 | 2023-01-03 | 西安电子科技大学 | Zero-knowledge proof privacy protection method, system, storage medium and equipment |
CN112989390A (en) * | 2021-04-15 | 2021-06-18 | 深圳前海移联科技有限公司 | Block chain homogeneous data sharing method based on pluggable homomorphic encryption |
CN113222758A (en) * | 2021-05-08 | 2021-08-06 | 华中科技大学 | Alliance chain transaction information monitoring method, system and terminal on the premise of privacy |
CN115203749A (en) * | 2022-09-16 | 2022-10-18 | 天聚地合(苏州)科技股份有限公司 | Data transaction method and system based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN110011781B (en) | 2020-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110011781A (en) | A kind of homomorphic cryptography method encrypting and support zero-knowledge proof for transaction amount | |
Sonnino et al. | Coconut: Threshold issuance selective disclosure credentials with applications to distributed ledgers | |
CN106961336B (en) | A kind of key components trustship method and system based on SM2 algorithm | |
CN110414981A (en) | A kind of homomorphic cryptography method that supporting ZKPs and block chain transaction amount encryption method | |
Di Raimondo et al. | Deniable authentication and key exchange | |
EP0786178B1 (en) | Secret-key certificates | |
US10846372B1 (en) | Systems and methods for trustless proof of possession and transmission of secured data | |
Xu et al. | K-anonymous secret handshakes with reusable credentials | |
Au et al. | Constant-size dynamic k-times anonymous authentication | |
US20120278609A1 (en) | Joint encryption of data | |
Harn et al. | Verifiable secret sharing based on the Chinese remainder theorem | |
CN1937496A (en) | Extensible false name certificate system and method | |
Rass et al. | Cryptography for security and privacy in cloud computing | |
Döttling et al. | McFly: verifiable encryption to the future made practical | |
CN112785306A (en) | Identical encryption method based on Paillier and application system | |
Kiayias et al. | Concurrent blind signatures without random oracles | |
De La Piedra et al. | Towards a full-featured implementation of attribute based credentials on smart cards | |
CN115883102B (en) | Cross-domain identity authentication method and system based on identity credibility and electronic equipment | |
Li et al. | A forward-secure certificate-based signature scheme | |
CN109495478A (en) | A kind of distributed security communication means and system based on block chain | |
Zhang et al. | Privacy‐friendly weighted‐reputation aggregation protocols against malicious adversaries in cloud services | |
Hajny et al. | Anonymous credentials with practical revocation | |
Chang et al. | A highly efficient and secure electronic cash system based on secure sharing in cloud environment | |
Zhang et al. | Accountable monero system with privacy protection | |
Longo | Formal Proofs of Security for Privacy-Preserving Blockchains and other Cryptographic Protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200519 |